Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Don't miss out! 2025 Microsoft Fabric Community Conference, March 31 - April 2, Las Vegas, Nevada. Use code MSCUST for a $150 discount. Prices go up February 11th. Register now.

Reply
MCassady
Helper I
Helper I

Pass website permissions to embedded report

‎12-13-2022 10:18 AM

I have a report embedded in a website page.

 

There are two SQL tables, which control what buildings/data a user on the website can see/access.

 

1. The User table holds things like user name, encrypted password, contact info.

2.  The UserSites table links those users with which buildings they will see on the website.

 

Example:

 

User

 

UserIDUserNameEmail
1Bobbob@bob.ca
2Johnjohn@john.com

 

 

UserSites

 

UserIDBuildingID
110
111
112
210

 

Based on this data, Bob would be able to see building 10,11, and 12, but John can only see data for building 10.

 

Is there a way to pass this relationship into an embedded powerbi report, to limit what the authenticated user sees based on their login from the parent website?

 

I have read that row level security may help, but I think I would have to set it up, and republush the report every time we get a new user or new building. This seems like too manual of a process.

Labels:
Message 1 of 4
844 Views
0
3 REPLIES 3
TomMartens
Super User
Super User

‎12-13-2022 10:30 AM

Hey @MCassady ,

 

you have to use Row Level Security but you can make it dynamic by using the function USERPRINCIPALNAME.
Next to that you have to create a relationship between the user and the usersites table.
Of course, you have to make sure that both tables are containing the proper data, meaning new users must be added to the user table and the usersites table has to be adapted as well.

If this is given each data refresh makes sure that the user are seeing what they are allowed to see.
Hopefully, this provides an idea on how to tackle your challenge.

 

Regards,

Tom



Did I answer your question? Mark my post as a solution, this will help others!

Proud to be a Super User!
I accept Kudos 😉
Hamburg, Germany
Message 2 of 4
808 Views
0
MCassady
Helper I
Helper I
In response to TomMartens

‎12-14-2022 10:47 PM

I think I've figured it out. I have to have the role also checked, not just the "Other User"

MCassady_7-1671086762305.png

 

Is there a way to set up RLS JUST for "other user." That way we do not have to add/remove employees roles as they come or go? It'd be nice to just have them in our User SQL table, as they will be in there without any extra powerbi steps.

 

Message 4 of 4
790 Views
0
MCassady
Helper I
Helper I
In response to TomMartens

‎12-14-2022 10:40 PM

Hey @TomMartens ,

I am trying to set this up as you suggested, however I am having trouble testing it.

 

I created this relationship:

 

MCassady_5-1671086384599.png

As well as the following RLS:

 

MCassady_4-1671086256478.png

 

And here is my test data:

 

 

User:

MCassady_2-1671086132883.png

 

UserSite:

MCassady_3-1671086150509.png

 

 

However, when I click "view as 'Other User'", and use an email that IS NOT in this list... I am still able to see the data on the screen. Am I doing something wrong?

MCassady_6-1671086565319.png

 

 

When I enter in cassady@cassady.com, I would expect the dashboard to only allow me to see data for TestSite1.

 

 

Any ideas?

 

 

 

Message 3 of 4
791 Views
0

Helpful resources

Announcements
Las Vegas 2025

Join us at the Microsoft Fabric Community Conference

March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount!

December 2024

A Year in Review - December 2024

Find out what content was popular in the Fabric community during 2024.

View All